Qnap Systems Inc.
Products
3- 10 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
12| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50387 | 0.02 | — | 0.23 | Dec 6, 2024 | A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later | ||
| CVE-2025-62857 | 0.00 | — | 0.00 | Jan 2, 2026 | A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later | ||
| CVE-2025-52425 | 0.00 | — | 0.00 | Nov 7, 2025 | An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later | ||
| CVE-2025-58464 | 0.00 | — | 0.00 | Nov 7, 2025 | A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3 and later | ||
| CVE-2025-54154 | 0.00 | — | 0.00 | Oct 3, 2025 | An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later | ||
| CVE-2024-38642 | 0.00 | — | 0.00 | Sep 6, 2024 | An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later | ||
| CVE-2023-47219 | 0.00 | — | 0.00 | Jan 5, 2024 | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | ||
| CVE-2023-47559 | 0.00 | — | 0.00 | Jan 5, 2024 | A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | ||
| CVE-2023-47560 | 0.00 | — | 0.00 | Jan 5, 2024 | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | ||
| CVE-2023-41285 | 0.00 | — | 0.00 | Nov 10, 2023 | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | ||
| CVE-2023-41284 | 0.00 | — | 0.00 | Nov 10, 2023 | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | ||
| CVE-2023-39295 | 0.00 | — | 0.00 | Nov 10, 2023 | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later |
- CVE-2024-50387Dec 6, 2024risk 0.02cvss —epss 0.23
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later
- CVE-2025-62857Jan 2, 2026risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later
- CVE-2025-52425Nov 7, 2025risk 0.00cvss —epss 0.00
An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later
- CVE-2025-58464Nov 7, 2025risk 0.00cvss —epss 0.00
A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3 and later
- CVE-2025-54154Oct 3, 2025risk 0.00cvss —epss 0.00
An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.1.1227 and later
- CVE-2024-38642Sep 6, 2024risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later
- CVE-2023-47219Jan 5, 2024risk 0.00cvss —epss 0.00
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
- CVE-2023-47559Jan 5, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
- CVE-2023-47560Jan 5, 2024risk 0.00cvss —epss 0.00
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later
- CVE-2023-41285Nov 10, 2023risk 0.00cvss —epss 0.00
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later
- CVE-2023-41284Nov 10, 2023risk 0.00cvss —epss 0.00
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later
- CVE-2023-39295Nov 10, 2023risk 0.00cvss —epss 0.00
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later